The vulnerability paves a way for a hacker to steal passwords and encryption keys from affected PCs or servers, according to a Google security researcher.
If you own an AMD chip built with the Zen 2 architecture, be on the lookout for an important patch in the coming months. A security researcher discovered a flaw in AMD’s CPUs that can be exploited to steal passwords and encryption keys from a PC.
The finding comes from Tavis Ormandy, a security researcher at Google, who warns the vulnerability affects all Zen 2 CPUs, which span both desktop and laptop chips largely in the Ryzen 3000 and 4000 line, in addition to Epyc “Rome” processors.
By abusing the flaw, a hacker can trigger a Zen 2 CPU to leak normally protected data, which can include sensitive details. “The attack can even be carried out remotely through JavaScript on a website, meaning that the attacker need not have physical access to the computer or server,” adds internet backbone provider Cloudflare.
Ormandy discovered the problem while “fuzzing” the AMD processors, which essentially involves trying to get the chips to crash by bombarding them with invalid instructions.